We had a discussion today and a straw poll about parameters to the
pipeline and whether or not they are passed to steps by default. I think
this is expected behavior in the case where a user takes an XSLT
transformation and then places it in a simple pipeline with some
set of pre-steps like XInclude.
I reject the argument against this because of security concerns, as:
* parameters are no different than pipeline inputs or outputs in
terms of security. That is, if you are concerned about pipeline
invocation from a security perspective, all inputs--xml or parameters--are
equally troubling.
* the pipeline author now has the control to exclude pipeline
parameters from a step. This means a pipeline author can write
a "secure step" that can't be affected by pipeline parameters.
* true security relies upon securing the execution environment from
doing harm to the local system (e.g. as a "jail" or "secure VM"). As such,
parameters, inputs, and outputs have little to do with this.
--
--Alex Milowski
"The excellence of grammar as a guide is proportional to the paucity of the
inflexions, i.e. to the degree of analysis effected by the language
considered."
Bertrand Russell in a footnote of Principles of Mathematics